b682e9
b682e9
%global pkgname   dirsrv
b682e9
%global srcname   389-ds-base
b682e9
b682e9
# Exclude i686 bit arches
b682e9
ExcludeArch: i686
b682e9
b682e9
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
b682e9
# also remove the space between % and global - this space is needed because
b682e9
# fedpkg verrel stupidly ignores comment lines
b682e9
#% global prerel .rc3
b682e9
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
b682e9
#% global relprefix 0.
b682e9
b682e9
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
b682e9
%global use_Socket6 0
b682e9
b682e9
%global use_asan 0
b682e9
%global use_rust 0
8394b4
%global use_legacy 1
b682e9
%global bundle_jemalloc 1
b682e9
%if %{use_asan}
b682e9
%global bundle_jemalloc 0
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
b682e9
%global jemalloc_name jemalloc
8394b4
%global jemalloc_ver 5.2.1
b682e9
%global __provides_exclude ^libjemalloc\\.so.*$
b682e9
%endif
b682e9
b682e9
# Use Clang instead of GCC
b682e9
%global use_clang 0
b682e9
b682e9
# fedora 15 and later uses tmpfiles.d
b682e9
# otherwise, comment this out
b682e9
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
b682e9
b682e9
# systemd support
b682e9
%global groupname %{pkgname}.target
b682e9
b682e9
# set PIE flag
b682e9
%global _hardened_build 1
b682e9
b682e9
Summary:          389 Directory Server (base)
b682e9
Name:             389-ds-base
8394b4
Version:          1.4.2.4
ea1d1b
Release:          %{?relprefix}10%{?prerel}%{?dist}
b682e9
License:          GPLv3+
b682e9
URL:              https://www.port389.org
b682e9
Group:            System Environment/Daemons
b682e9
Conflicts:        selinux-policy-base < 3.9.8
b682e9
Conflicts:        freeipa-server < 4.0.3
b682e9
Obsoletes:        %{name} <= 1.4.0.9
b682e9
Provides:         ldif2ldbm >= 0
b682e9
b682e9
BuildRequires:    nspr-devel
b682e9
BuildRequires:    nss-devel >= 3.34
b682e9
BuildRequires:    perl-generators
b682e9
BuildRequires:    openldap-devel
b682e9
BuildRequires:    libdb-devel
b682e9
BuildRequires:    cyrus-sasl-devel
b682e9
BuildRequires:    icu
b682e9
BuildRequires:    libicu-devel
b682e9
BuildRequires:    pcre-devel
b682e9
BuildRequires:    cracklib-devel
b682e9
%if %{use_clang}
b682e9
BuildRequires:    libatomic
b682e9
BuildRequires:    clang
b682e9
%else
b682e9
BuildRequires:    gcc
b682e9
BuildRequires:    gcc-c++
b682e9
%endif
b682e9
# The following are needed to build the snmp ldap-agent
b682e9
BuildRequires:    net-snmp-devel
b682e9
BuildRequires:    lm_sensors-devel
b682e9
BuildRequires:    bzip2-devel
b682e9
BuildRequires:    zlib-devel
b682e9
BuildRequires:    openssl-devel
b682e9
# the following is for the pam passthru auth plug-in
b682e9
BuildRequires:    pam-devel
b682e9
BuildRequires:    systemd-units
b682e9
BuildRequires:    systemd-devel
b682e9
%if %{use_asan}
b682e9
BuildRequires:    libasan
b682e9
%endif
b682e9
# If rust is enabled
b682e9
%if %{use_rust}
b682e9
BuildRequires: cargo
b682e9
BuildRequires: rust
b682e9
%endif
b682e9
BuildRequires:    pkgconfig
b682e9
BuildRequires:    pkgconfig(systemd)
232633
BuildRequires:    pkgconfig(krb5)
b682e9
b682e9
# Needed to support regeneration of the autotool artifacts.
b682e9
BuildRequires:    autoconf
b682e9
BuildRequires:    automake
b682e9
BuildRequires:    libtool
b682e9
# For our documentation
b682e9
BuildRequires:    doxygen
b682e9
# For tests!
b682e9
BuildRequires:    libcmocka-devel
b682e9
BuildRequires:    libevent-devel
b682e9
# For lib389 and related components
b682e9
BuildRequires:    python%{python3_pkgversion}
b682e9
BuildRequires:    python%{python3_pkgversion}-devel
b682e9
BuildRequires:    python%{python3_pkgversion}-setuptools
b682e9
BuildRequires:    python%{python3_pkgversion}-ldap
b682e9
BuildRequires:    python%{python3_pkgversion}-six
b682e9
BuildRequires:    python%{python3_pkgversion}-pyasn1
b682e9
BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
b682e9
BuildRequires:    python%{python3_pkgversion}-dateutil
b682e9
BuildRequires:    python%{python3_pkgversion}-argcomplete
b682e9
BuildRequires:    python%{python3_pkgversion}-argparse-manpage
b682e9
BuildRequires:    python%{python3_pkgversion}-policycoreutils
b682e9
BuildRequires:    python%{python3_pkgversion}-libselinux
b682e9
b682e9
# For cockpit
b682e9
BuildRequires:    rsync
b682e9
b682e9
Requires:         %{name}-libs = %{version}-%{release}
b682e9
Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
b682e9
b682e9
# this is needed for using semanage from our setup scripts
b682e9
Requires:         policycoreutils-python-utils
b682e9
Requires:         /usr/sbin/semanage
b682e9
Requires:         libsemanage-python%{python3_pkgversion}
b682e9
b682e9
Requires:         selinux-policy >= 3.14.1-29
b682e9
b682e9
# the following are needed for some of our scripts
b682e9
Requires:         openldap-clients
b682e9
Requires:         openssl-perl
b682e9
Requires:         python%{python3_pkgversion}-ldap
b682e9
b682e9
# this is needed to setup SSL if you are not using the
b682e9
# administration server package
b682e9
Requires:         nss-tools
b682e9
Requires:         nss >= 3.34
b682e9
b682e9
# these are not found by the auto-dependency method
b682e9
# they are required to support the mandatory LDAP SASL mechs
b682e9
Requires:         cyrus-sasl-gssapi
b682e9
Requires:         cyrus-sasl-md5
b682e9
Requires:         cyrus-sasl-plain
b682e9
b682e9
# this is needed for verify-db.pl
b682e9
Requires:         libdb-utils
b682e9
8394b4
# Needed for password dictionary checks
8394b4
Requires:         cracklib-dicts
8394b4
b682e9
# This picks up libperl.so as a Requires, so we add this versioned one
b682e9
Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
b682e9
Requires:         perl-Errno >= 1.23-360
b682e9
b682e9
# Needed by logconv.pl
b682e9
Requires:         perl-DB_File
b682e9
Requires:         perl-Archive-Tar
b682e9
232633
# Needed for password dictionary checks
232633
Requires:         cracklib-dicts
232633
b682e9
# Picks up our systemd deps.
b682e9
%{?systemd_requires}
b682e9
b682e9
Obsoletes:        %{name} <= 1.3.5.4
b682e9
232633
Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
b682e9
# 389-ds-git.sh should be used to generate the source tarball from git
b682e9
Source1:          %{name}-git.sh
b682e9
Source2:          %{name}-devel.README
b682e9
%if %{bundle_jemalloc}
b682e9
Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
b682e9
%endif
8394b4
Patch00:          0000-Issue-50712-Version-comparison-doesn-t-work-correctl.patch
8394b4
Patch01:          0001-Issue-50499-Fix-npm-audit-issues.patch
8394b4
Patch02:          0002-Issue-50701-Add-additional-healthchecks-to-dsconf.patch
8394b4
Patch03:          0003-Issue-50701-Fix-type-in-lint-report.patch
8394b4
Patch04:          0004-Issue-50816-dsconf-allows-the-root-password-to-be-se.patch
8394b4
Patch05:          0005-Issue-50812-dscontainer-executable-should-be-placed-.patch
8394b4
Patch06:          0006-Ticket-50741-bdb_start-Detected-Disorderly-Shutdown-.patch
8394b4
Patch07:          0007-Ticket-50667-dsctl-l-did-not-respect-PREFIX.patch
8394b4
Patch08:          0008-Ticket-50709-Several-memory-leaks-reported-by-Valgri.patch
8394b4
Patch09:          0009-Ticket-50736-RetroCL-trimming-may-crash-at-shutdown-.patch
8394b4
Patch10:          0010-Issue-50806-Fix-minor-issues-in-lib389-health-checks.patch
8394b4
Patch11:          0011-Issue-50599-Remove-db-region-files-prior-to-db-recov.patch
8394b4
Patch12:          0012-Issue-50798-incorrect-bytes-in-format-string-fix-imp.patch
8394b4
Patch13:          0013-Issue-50824-dsctl-remove-fails-with-name-ensure_str-.patch
8394b4
Patch14:          0014-Issue-50818-dsconf-pwdpolicy-get-error.patch
8394b4
Patch15:          0015-Ticket-50709-cont-Several-memory-leaks-reported-by-V.patch
8394b4
Patch16:          0016-Issue-50829-Disk-monitoring-rotated-log-cleanup-caus.patch
8394b4
Patch17:          0017-Ticket-50745-ns-slapd-hangs-during-CleanAllRUV-tests.patch
8394b4
Patch18:          0018-Ticket-50727-change-syntax-validate-by-default-in-1..patch
8394b4
Patch19:          0019-Ticket-50727-correct-mistaken-options-in-filter-vali.patch
8394b4
Patch20:          0020-Issue-50599-Fix-memory-leak-when-removing-db-region-.patch
8394b4
Patch21:          0021-Issue-50834-Incorrectly-setting-the-NSS-default-SSL-.patch
8394b4
Patch22:          0022-Ticket-50741-cont-bdb_start-Detected-Disorderly-Shut.patch
8394b4
Patch23:          0023-Issue-49254-Fix-compiler-failures-and-warnings.patch
8394b4
Patch24:          0024-Issue-49990-Need-to-enforce-a-hard-maximum-limit-for.patch
8394b4
Patch25:          0025-Issue-50850-Fix-dsctl-healthcheck-for-python36.patch
8394b4
Patch26:          0026-Ticket-49624-cont-DB-Deadlock-on-modrdn-appears-to-c.patch
8394b4
Patch27:          0027-Issue-50823-dsctl-doesn-t-work-with-slapd-in-the-ins.patch
8394b4
Patch28:          0028-Ticket-50857-Memory-leak-in-ACI-using-IP-subject.patch
8394b4
Patch29:          0029-Issue-50873-Fix-issues-with-healthcheck-tool.patch
8394b4
Patch30:          0030-Issue-50873-Fix-healthcheck-and-virtual-attr-check.patch
8394b4
Patch31:          0031-Issue-50886-Typo-in-the-replication-debug-message.patch
8394b4
Patch32:          0032-Issue-50882-Fix-healthcheck-errors-for-instances-tha.patch
8394b4
Patch33:          0033-Ticket-50490-objects-and-memory-leaks.patch
8394b4
Patch34:          0034-Issue-50780-Fix-UI-issues.patch
ea1d1b
Patch35:          0035-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch
ea1d1b
Patch36:          0036-Issue-49731-undo-db_home_dir-under-dev-shm-dirsrv-fo.patch
b682e9
b682e9
%description
b682e9
389 Directory Server is an LDAPv3 compliant server.  The base package includes
b682e9
the LDAP server and command line utilities for server administration.
b682e9
%if %{use_asan}
b682e9
WARNING! This build is linked to Address Sanitisation libraries. This probably
b682e9
isn't what you want. Please contact support immediately.
b682e9
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
b682e9
%endif
b682e9
b682e9
%package          libs
b682e9
Summary:          Core libraries for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
BuildRequires:    nspr-devel
b682e9
BuildRequires:    nss-devel >= 3.34
b682e9
BuildRequires:    openldap-devel
b682e9
BuildRequires:    libdb-devel
b682e9
BuildRequires:    cyrus-sasl-devel
b682e9
BuildRequires:    libicu-devel
b682e9
BuildRequires:    pcre-devel
b682e9
BuildRequires:    libtalloc-devel
b682e9
BuildRequires:    libevent-devel
b682e9
BuildRequires:    libtevent-devel
b682e9
Requires:         krb5-libs
b682e9
Requires:         libevent
b682e9
BuildRequires:    systemd-devel
b682e9
Provides:         svrcore = 4.1.4
b682e9
Conflicts:        svrcore
b682e9
Obsoletes:        svrcore <= 4.1.3
b682e9
b682e9
%description      libs
b682e9
Core libraries for the 389 Directory Server base package.  These libraries
b682e9
are used by the main package and the -devel package.  This allows the -devel
b682e9
package to be installed with just the -libs package and without the main package.
b682e9
8394b4
%if %{use_legacy}
b682e9
%package          legacy-tools
8394b4
Summary:          Legacy utilities for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
Obsoletes:        %{name} <= 1.4.0.9
232633
Requires:         %{name}-libs = %{version}-%{release}
b682e9
# for setup-ds.pl to support ipv6
b682e9
%if %{use_Socket6}
b682e9
Requires:         perl-Socket6
b682e9
%else
b682e9
Requires:         perl-Socket
b682e9
%endif
b682e9
Requires:         perl-NetAddr-IP
b682e9
# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
b682e9
Requires:         perl-Mozilla-LDAP
b682e9
# for setup-ds.pl
b682e9
Requires:         bind-utils
8394b4
%global __provides_exclude_from %{_libdir}/%{pkgname}/perl
8394b4
%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
b682e9
%{?perl_default_filter}
b682e9
b682e9
%description      legacy-tools
b682e9
Legacy (and deprecated) utilities for 389 Directory Server. This includes
b682e9
the old account management and task scripts. These are deprecated in favour of
b682e9
the dscreate, dsctl, dsconf and dsidm tools.
8394b4
%endif
b682e9
b682e9
%package          devel
b682e9
Summary:          Development libraries for 389 Directory Server
b682e9
Group:            Development/Libraries
b682e9
Requires:         %{name}-libs = %{version}-%{release}
b682e9
Requires:         pkgconfig
b682e9
Requires:         nspr-devel
b682e9
Requires:         nss-devel >= 3.34
b682e9
Requires:         openldap-devel
b682e9
Requires:         libtalloc
b682e9
Requires:         libevent
b682e9
Requires:         libtevent
b682e9
Requires:         systemd-libs
b682e9
Provides:         svrcore-devel = 4.1.4
b682e9
Conflicts:        svrcore-devel
b682e9
Obsoletes:        svrcore-devel <= 4.1.3
b682e9
b682e9
%description      devel
b682e9
Development Libraries and headers for the 389 Directory Server base package.
b682e9
b682e9
%package          snmp
b682e9
Summary:          SNMP Agent for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
Requires:         %{name} = %{version}-%{release}
b682e9
b682e9
Obsoletes:        %{name} <= 1.4.0.0
b682e9
b682e9
%description      snmp
b682e9
SNMP Agent for the 389 Directory Server base package.
b682e9
b682e9
%package -n python%{python3_pkgversion}-lib389
b682e9
Summary:  A library for accessing, testing, and configuring the 389 Directory Server
b682e9
BuildArch:        noarch
b682e9
Group:            Development/Libraries
b682e9
Requires: openssl
b682e9
Requires: iproute
318adb
Requires: platform-python
ea1d1b
Recommends: bash-completion
b682e9
Requires: python%{python3_pkgversion}-ldap
b682e9
Requires: python%{python3_pkgversion}-six
b682e9
Requires: python%{python3_pkgversion}-pyasn1
b682e9
Requires: python%{python3_pkgversion}-pyasn1-modules
b682e9
Requires: python%{python3_pkgversion}-dateutil
b682e9
Requires: python%{python3_pkgversion}-argcomplete
b682e9
Requires: python%{python3_pkgversion}-libselinux
8394b4
Requires: python%{python3_pkgversion}-setuptools
8394b4
Requires: python%{python3_pkgversion}-distro
b682e9
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
b682e9
b682e9
%description -n python%{python3_pkgversion}-lib389
b682e9
This module contains tools and libraries for accessing, testing,
b682e9
 and configuring the 389 Directory Server.
b682e9
b682e9
%package -n cockpit-389-ds
b682e9
Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
b682e9
BuildArch:        noarch
b682e9
Requires:         cockpit
b682e9
Requires:         platform-python
b682e9
Requires:         python%{python3_pkgversion}-lib389
b682e9
b682e9
%description -n cockpit-389-ds
b682e9
A cockpit UI Plugin for configuring and administering the 389 Directory Server
b682e9
b682e9
%prep
232633
%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
b682e9
%if %{bundle_jemalloc}
232633
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
b682e9
%endif
b682e9
cp %{SOURCE2} README.devel
b682e9
b682e9
%build
b682e9
b682e9
OPENLDAP_FLAG="--with-openldap"
b682e9
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
b682e9
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
b682e9
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
b682e9
b682e9
%if %{use_asan}
b682e9
ASAN_FLAGS="--enable-asan --enable-debug"
b682e9
%endif
b682e9
b682e9
%if %{use_rust}
b682e9
RUST_FLAGS="--enable-rust"
b682e9
%endif
b682e9
8394b4
%if %{use_legacy}
8394b4
LEGACY_FLAGS="--enable-legacy --enable-perl"
232633
%else
8394b4
LEGACY_FLAGS="--disable-legacy --disable-perl"
b682e9
%endif
b682e9
b682e9
%if %{use_clang}
b682e9
export CC=clang
b682e9
export CXX=clang++
b682e9
CLANG_FLAGS="--enable-clang"
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
b682e9
# Build jemalloc
b682e9
pushd ../%{jemalloc_name}-%{jemalloc_ver}
b682e9
%configure \
b682e9
        --libdir=%{_libdir}/%{pkgname}/lib \
b682e9
        --bindir=%{_libdir}/%{pkgname}/bin
b682e9
make
b682e9
popd
b682e9
%endif
b682e9
b682e9
# Enforce strict linking
b682e9
%define _strict_symbol_defs_build 1
b682e9
b682e9
# Rebuild the autotool artifacts now.
b682e9
autoreconf -fiv
b682e9
b682e9
%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
b682e9
           --with-systemd \
b682e9
           --with-systemdsystemunitdir=%{_unitdir} \
b682e9
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
b682e9
           --with-systemdgroupname=%{groupname}  \
b682e9
           --libexecdir=%{_libexecdir}/%{pkgname} \
8394b4
           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \
b682e9
           --enable-cmocka 
b682e9
b682e9
# lib389
b682e9
pushd ./src/lib389
b682e9
%py3_build
b682e9
popd
b682e9
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
b682e9
# need to change it to v8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
b682e9
b682e9
# Generate symbolic info for debuggers
b682e9
export XCFLAGS=$RPM_OPT_FLAGS
b682e9
b682e9
#make %{?_smp_mflags}
b682e9
make
b682e9
b682e9
%install
b682e9
b682e9
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
b682e9
mkdir -p %{buildroot}%{_datadir}/cockpit
b682e9
make DESTDIR="$RPM_BUILD_ROOT" install
b682e9
8394b4
# Cockpit file list
b682e9
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
b682e9
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
b682e9
b682e9
# Copy in our docs from doxygen.
232633
cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
b682e9
b682e9
# lib389
b682e9
pushd src/lib389
b682e9
%py3_install
b682e9
popd
b682e9
b682e9
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
b682e9
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
b682e9
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
b682e9
b682e9
# for systemd
b682e9
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
b682e9
b682e9
#remove libtool archives and static libs
b682e9
find %{buildroot} -type f -name "*.la" -delete
b682e9
find %{buildroot} -type f -name "*.a" -delete
b682e9
8394b4
%if %{use_legacy}
b682e9
# make sure perl scripts have a proper shebang
b682e9
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
b682e9
pushd ../%{jemalloc_name}-%{jemalloc_ver}
b682e9
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
232633
cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
232633
cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
b682e9
popd
b682e9
%endif
b682e9
b682e9
%check
b682e9
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
b682e9
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
b682e9
b682e9
%clean
b682e9
rm -rf $RPM_BUILD_ROOT
b682e9
b682e9
%post
b682e9
if [ -n "$DEBUGPOSTTRANS" ] ; then
b682e9
    output=$DEBUGPOSTTRANS
b682e9
    output2=${DEBUGPOSTTRANS}.upgrade
b682e9
else
b682e9
    output=/dev/null
b682e9
    output2=/dev/null
b682e9
fi
b682e9
b682e9
# reload to pick up any changes to systemd files
b682e9
/bin/systemctl daemon-reload >$output 2>&1 || :
b682e9
b682e9
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
b682e9
# Soft static allocation for UID and GID
b682e9
USERNAME="dirsrv"
b682e9
ALLOCATED_UID=389
b682e9
GROUPNAME="dirsrv"
b682e9
ALLOCATED_GID=389
b682e9
HOMEDIR="/usr/share/dirsrv"
b682e9
b682e9
getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
b682e9
if ! getent passwd $USERNAME >/dev/null ; then
b682e9
    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
b682e9
      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
b682e9
    else
b682e9
      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
b682e9
    fi
b682e9
fi
b682e9
b682e9
# Reload our sysctl before we restart (if we can)
b682e9
sysctl --system &> $output; true
b682e9
b682e9
%preun
b682e9
if [ $1 -eq 0 ]; then # Final removal
b682e9
    # remove instance specific service files/links
b682e9
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
b682e9
fi
b682e9
b682e9
%postun
b682e9
if [ $1 = 0 ]; then # Final removal
b682e9
    rm -rf /var/run/%{pkgname}
b682e9
fi
b682e9
b682e9
%post snmp
b682e9
%systemd_post %{pkgname}-snmp.service
b682e9
b682e9
%preun snmp
b682e9
%systemd_preun %{pkgname}-snmp.service %{groupname}
b682e9
b682e9
%postun snmp
b682e9
%systemd_postun_with_restart %{pkgname}-snmp.service
b682e9
8394b4
%if %{use_legacy}
b682e9
%post legacy-tools
b682e9
b682e9
# START UPGRADE SCRIPT
b682e9
b682e9
if [ -n "$DEBUGPOSTTRANS" ] ; then
b682e9
    output=$DEBUGPOSTTRANS
b682e9
    output2=${DEBUGPOSTTRANS}.upgrade
b682e9
else
b682e9
    output=/dev/null
b682e9
    output2=/dev/null
b682e9
fi
b682e9
b682e9
# find all instances
b682e9
instances="" # instances that require a restart after upgrade
b682e9
ninst=0 # number of instances found in total
b682e9
b682e9
echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
b682e9
instbase="%{_sysconfdir}/%{pkgname}"
b682e9
for dir in $instbase/slapd-* ; do
b682e9
    echo dir = $dir >> $output 2>&1 || :
b682e9
    if [ ! -d "$dir" ] ; then continue ; fi
b682e9
    case "$dir" in *.removed) continue ;; esac
b682e9
    basename=`basename $dir`
b682e9
    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
b682e9
    echo found instance $inst - getting status  >> $output 2>&1 || :
b682e9
    if /bin/systemctl -q is-active $inst ; then
b682e9
       echo instance $inst is running >> $output 2>&1 || :
b682e9
       instances="$instances $inst"
b682e9
    else
b682e9
       echo instance $inst is not running >> $output 2>&1 || :
b682e9
    fi
b682e9
    ninst=`expr $ninst + 1`
b682e9
done
b682e9
if [ $ninst -eq 0 ] ; then
b682e9
    echo no instances to upgrade >> $output 2>&1 || :
b682e9
    exit 0 # have no instances to upgrade - just skip the rest
b682e9
fi
b682e9
# shutdown all instances
b682e9
echo shutting down all instances . . . >> $output 2>&1 || :
b682e9
for inst in $instances ; do
b682e9
    echo stopping instance $inst >> $output 2>&1 || :
b682e9
    /bin/systemctl stop $inst >> $output 2>&1 || :
b682e9
done
b682e9
echo remove pid files . . . >> $output 2>&1 || :
b682e9
/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
b682e9
# do the upgrade
b682e9
echo upgrading instances . . . >> $output 2>&1 || :
b682e9
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
b682e9
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
b682e9
    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
b682e9
else
b682e9
    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
b682e9
fi
b682e9
b682e9
# restart instances that require it
b682e9
for inst in $instances ; do
b682e9
    echo restarting instance $inst >> $output 2>&1 || :
b682e9
    /bin/systemctl start $inst >> $output 2>&1 || :
b682e9
done
b682e9
#END UPGRADE
b682e9
%endif
b682e9
b682e9
exit 0
b682e9
b682e9
b682e9
%files
b682e9
%if %{bundle_jemalloc}
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
b682e9
%license COPYING.jemalloc
b682e9
%else
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
b682e9
%endif
b682e9
%dir %{_sysconfdir}/%{pkgname}
b682e9
%dir %{_sysconfdir}/%{pkgname}/schema
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
b682e9
%dir %{_sysconfdir}/%{pkgname}/config
b682e9
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
b682e9
%{_datadir}/%{pkgname}
b682e9
%{_datadir}/gdb/auto-load/*
b682e9
%{_unitdir}
b682e9
%{_bindir}/dbscan
b682e9
%{_mandir}/man1/dbscan.1.gz
b682e9
%{_bindir}/ds-replcheck
b682e9
%{_mandir}/man1/ds-replcheck.1.gz
b682e9
%{_bindir}/ds-logpipe.py
b682e9
%{_mandir}/man1/ds-logpipe.py.1.gz
b682e9
%{_bindir}/ldclt
b682e9
%{_mandir}/man1/ldclt.1.gz
b682e9
%{_sbindir}/ldif2ldap
b682e9
%{_mandir}/man8/ldif2ldap.8.gz
b682e9
%{_bindir}/logconv.pl
b682e9
%{_mandir}/man1/logconv.pl.1.gz
b682e9
%{_bindir}/pwdhash
b682e9
%{_mandir}/man1/pwdhash.1.gz
b682e9
%{_bindir}/readnsstate
b682e9
%{_mandir}/man1/readnsstate.1.gz
b682e9
# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
b682e9
%{_sbindir}/ns-slapd
b682e9
%{_mandir}/man8/ns-slapd.8.gz
b682e9
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
b682e9
%{_mandir}/man5/99user.ldif.5.gz
b682e9
%{_mandir}/man5/certmap.conf.5.gz
b682e9
%{_mandir}/man5/slapd-collations.conf.5.gz
b682e9
%{_mandir}/man5/dirsrv.5.gz
b682e9
%{_mandir}/man5/dirsrv.systemd.5.gz
b682e9
%{_libdir}/%{pkgname}/python
b682e9
%dir %{_libdir}/%{pkgname}/plugins
b682e9
%{_libdir}/%{pkgname}/plugins/*.so
b682e9
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
b682e9
# sysctl.d is always in /lib.
b682e9
%{_prefix}/lib/sysctl.d/*
b682e9
%dir %{_localstatedir}/lib/%{pkgname}
b682e9
%dir %{_localstatedir}/log/%{pkgname}
b682e9
%ghost %dir %{_localstatedir}/lock/%{pkgname}
b682e9
%exclude %{_sbindir}/ldap-agent*
b682e9
%exclude %{_mandir}/man1/ldap-agent.1.gz
b682e9
%exclude %{_unitdir}/%{pkgname}-snmp.service
b682e9
%if %{bundle_jemalloc}
b682e9
%{_libdir}/%{pkgname}/lib/
b682e9
%{_libdir}/%{pkgname}/bin/
b682e9
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
b682e9
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
b682e9
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
b682e9
%endif
b682e9
b682e9
%files devel
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%{_mandir}/man3/*
b682e9
%{_includedir}/svrcore.h
b682e9
%{_includedir}/%{pkgname}
b682e9
%{_libdir}/libsvrcore.so
b682e9
%{_libdir}/%{pkgname}/libslapd.so
b682e9
%{_libdir}/%{pkgname}/libns-dshttpd.so
b682e9
%{_libdir}/%{pkgname}/libsds.so
b682e9
%{_libdir}/%{pkgname}/libldaputil.so
b682e9
%{_libdir}/pkgconfig/svrcore.pc
b682e9
%{_libdir}/pkgconfig/dirsrv.pc
b682e9
%{_libdir}/pkgconfig/libsds.pc
b682e9
b682e9
%files libs
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%dir %{_libdir}/%{pkgname}
b682e9
%{_libdir}/libsvrcore.so.*
b682e9
%{_libdir}/%{pkgname}/libslapd.so.*
b682e9
%{_libdir}/%{pkgname}/libns-dshttpd-*.so
b682e9
%{_libdir}/%{pkgname}/libsds.so.*
b682e9
%{_libdir}/%{pkgname}/libldaputil.so.*
b682e9
%if %{bundle_jemalloc}
b682e9
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
b682e9
%endif
b682e9
%if %{use_rust}
b682e9
%{_libdir}/%{pkgname}/librsds.so
b682e9
%endif
b682e9
8394b4
%if %{use_legacy}
b682e9
%files legacy-tools
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%{_bindir}/infadd
b682e9
%{_mandir}/man1/infadd.1.gz
b682e9
%{_bindir}/ldif
b682e9
%{_mandir}/man1/ldif.1.gz
b682e9
%{_bindir}/migratecred
b682e9
%{_mandir}/man1/migratecred.1.gz
b682e9
%{_bindir}/mmldif
b682e9
%{_mandir}/man1/mmldif.1.gz
b682e9
%{_bindir}/rsearch
b682e9
%{_mandir}/man1/rsearch.1.gz
8394b4
%{_libexecdir}/%{pkgname}/ds_selinux_enabled
8394b4
%{_libexecdir}/%{pkgname}/ds_selinux_port_query
8394b4
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
8394b4
%{_mandir}/man5/template-initconfig.5.gz
8394b4
%{_datadir}/%{pkgname}/properties/*.res
8394b4
%{_datadir}/%{pkgname}/script-templates
8394b4
%{_datadir}/%{pkgname}/updates
8394b4
%{_sbindir}/ldif2ldap
8394b4
%{_mandir}/man8/ldif2ldap.8.gz
8394b4
%{_sbindir}/bak2db
8394b4
%{_mandir}/man8/bak2db.8.gz
8394b4
%{_sbindir}/db2bak
8394b4
%{_mandir}/man8/db2bak.8.gz
8394b4
%{_sbindir}/db2index
8394b4
%{_mandir}/man8/db2index.8.gz
8394b4
%{_sbindir}/db2ldif
8394b4
%{_mandir}/man8/db2ldif.8.gz
8394b4
%{_sbindir}/dbverify
8394b4
%{_mandir}/man8/dbverify.8.gz
8394b4
%{_sbindir}/ldif2db
8394b4
%{_mandir}/man8/ldif2db.8.gz
8394b4
%{_sbindir}/restart-dirsrv
8394b4
%{_mandir}/man8/restart-dirsrv.8.gz
8394b4
%{_sbindir}/start-dirsrv
8394b4
%{_mandir}/man8/start-dirsrv.8.gz
8394b4
%{_sbindir}/status-dirsrv
8394b4
%{_mandir}/man8/status-dirsrv.8.gz
8394b4
%{_sbindir}/stop-dirsrv
8394b4
%{_mandir}/man8/stop-dirsrv.8.gz
8394b4
%{_sbindir}/upgradedb
8394b4
%{_mandir}/man8/upgradedb.8.gz
8394b4
%{_sbindir}/vlvindex
8394b4
%{_mandir}/man8/vlvindex.8.gz
b682e9
%{_sbindir}/monitor
b682e9
%{_mandir}/man8/monitor.8.gz
b682e9
%{_sbindir}/dbmon.sh
b682e9
%{_mandir}/man8/dbmon.sh.8.gz
b682e9
%{_sbindir}/dn2rdn
b682e9
%{_mandir}/man8/dn2rdn.8.gz
b682e9
%{_sbindir}/restoreconfig
b682e9
%{_mandir}/man8/restoreconfig.8.gz
b682e9
%{_sbindir}/saveconfig
b682e9
%{_mandir}/man8/saveconfig.8.gz
b682e9
%{_sbindir}/suffix2instance
b682e9
%{_mandir}/man8/suffix2instance.8.gz
b682e9
%{_sbindir}/upgradednformat
b682e9
%{_mandir}/man8/upgradednformat.8.gz
b682e9
%{_mandir}/man1/dbgen.pl.1.gz
b682e9
%{_bindir}/repl-monitor
b682e9
%{_mandir}/man1/repl-monitor.1.gz
b682e9
%{_bindir}/repl-monitor.pl
b682e9
%{_mandir}/man1/repl-monitor.pl.1.gz
b682e9
%{_bindir}/cl-dump
b682e9
%{_mandir}/man1/cl-dump.1.gz
b682e9
%{_bindir}/cl-dump.pl
b682e9
%{_mandir}/man1/cl-dump.pl.1.gz
b682e9
%{_bindir}/dbgen.pl
b682e9
%{_mandir}/man8/bak2db.pl.8.gz
b682e9
%{_sbindir}/bak2db.pl
b682e9
%{_sbindir}/cleanallruv.pl
b682e9
%{_mandir}/man8/cleanallruv.pl.8.gz
b682e9
%{_sbindir}/db2bak.pl
b682e9
%{_mandir}/man8/db2bak.pl.8.gz
b682e9
%{_sbindir}/db2index.pl
b682e9
%{_mandir}/man8/db2index.pl.8.gz
b682e9
%{_sbindir}/db2ldif.pl
b682e9
%{_mandir}/man8/db2ldif.pl.8.gz
b682e9
%{_sbindir}/fixup-linkedattrs.pl
b682e9
%{_mandir}/man8/fixup-linkedattrs.pl.8.gz
b682e9
%{_sbindir}/fixup-memberof.pl
b682e9
%{_mandir}/man8/fixup-memberof.pl.8.gz
b682e9
%{_sbindir}/ldif2db.pl
b682e9
%{_mandir}/man8/ldif2db.pl.8.gz
b682e9
%{_sbindir}/migrate-ds.pl
b682e9
%{_mandir}/man8/migrate-ds.pl.8.gz
b682e9
%{_sbindir}/ns-accountstatus.pl
b682e9
%{_mandir}/man8/ns-accountstatus.pl.8.gz
b682e9
%{_sbindir}/ns-activate.pl
b682e9
%{_mandir}/man8/ns-activate.pl.8.gz
b682e9
%{_sbindir}/ns-inactivate.pl
b682e9
%{_mandir}/man8/ns-inactivate.pl.8.gz
b682e9
%{_sbindir}/ns-newpwpolicy.pl
b682e9
%{_mandir}/man8/ns-newpwpolicy.pl.8.gz
b682e9
%{_sbindir}/remove-ds.pl
b682e9
%{_mandir}/man8/remove-ds.pl.8.gz
b682e9
%{_sbindir}/schema-reload.pl
b682e9
%{_mandir}/man8/schema-reload.pl.8.gz
b682e9
%{_sbindir}/setup-ds.pl
b682e9
%{_mandir}/man8/setup-ds.pl.8.gz
b682e9
%{_sbindir}/syntax-validate.pl
b682e9
%{_mandir}/man8/syntax-validate.pl.8.gz
b682e9
%{_sbindir}/usn-tombstone-cleanup.pl
b682e9
%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz
b682e9
%{_sbindir}/verify-db.pl
b682e9
%{_mandir}/man8/verify-db.pl.8.gz
b682e9
%{_libdir}/%{pkgname}/perl
b682e9
%endif
b682e9
b682e9
%files snmp
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
b682e9
%{_sbindir}/ldap-agent*
b682e9
%{_mandir}/man1/ldap-agent.1.gz
b682e9
%{_unitdir}/%{pkgname}-snmp.service
b682e9
b682e9
%files -n python%{python3_pkgversion}-lib389
b682e9
%doc LICENSE LICENSE.GPLv3+
b682e9
%{python3_sitelib}/lib389*
b682e9
%{_sbindir}/dsconf
b682e9
%{_mandir}/man8/dsconf.8.gz
b682e9
%{_sbindir}/dscreate
b682e9
%{_mandir}/man8/dscreate.8.gz
b682e9
%{_sbindir}/dsctl
b682e9
%{_mandir}/man8/dsctl.8.gz
b682e9
%{_sbindir}/dsidm
b682e9
%{_mandir}/man8/dsidm.8.gz
8394b4
%{_libexecdir}/%{pkgname}/dscontainer
b682e9
b682e9
%files -n cockpit-389-ds -f cockpit.list
232633
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
b682e9
%doc README.md
b682e9
b682e9
%changelog
ea1d1b
* Mon Aug 24 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-10
ea1d1b
- Bump version to 1.4.2.4-10
ea1d1b
- Resolves: Bug 1862170 - fix default.ini file
ea1d1b
ea1d1b
* Fri Aug 21 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-9
ea1d1b
- Bump version to 1.4.2.4-9
ea1d1b
- Resolves: Bug 1867097 - Memory leak in ACI using IP subject
ea1d1b
- Resolves: Bug 1862170 - python3-lib389 pulls unnecessary bash-completion package
ea1d1b
- Resolves: Bug 1867988 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
ea1d1b
8394b4
* Fri Mar 6 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-8
8394b4
- Bump version to 1.4.2.4-8
8394b4
- Resolves: Bug 1807971 - dsctl healthcheck fails at checking replica when conflict entries are present
8394b4
8394b4
* Fri Feb 7 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-7
8394b4
- Bump version to 1.4.2.4-7
8394b4
- Resolves: Bug 1744662 - DB Deadlock on modrdn appears to corrupt database and entry cache
8394b4
- Resolves: Bug 1779216 - dsctl doesn't work with 'slapd-' in the instance name
8394b4
- Resolves: Bug 1790984 - Crash on startup: Bus error in __env_faultmem.isra.1.part.2
8394b4
- Resolves: Bug 1793060 - dsctl healthcheck issues error : type object 'datetime.date' has no attribute 'fromisoformat'
8394b4
- Resolves: Bug 1758494 - LeakSanitizer: detected memory leaks in do_add 
8394b4
- Resolves: Bug 1790975 - Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10.
8394b4
8394b4
* Mon Jan 20 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-6
8394b4
- Resolves: Bug 1776227 - Error: 'PwPolicyManager' object has no attribute 'get_attr_list'
8394b4
- Resolves: Bug 1790975 - Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10(fix regression)
8394b4
- Resolves: Bug 1758473 - AddressSanitizer: heap-use-after-free in log_get_loglist
8394b4
- Resolves: Bug 1790259 - Change the default behavior of 'nsslapd-verify-filter-schema'
8394b4
- Resolves: Bug 1773114 - ns-slapd hangs during CleanAllRUV tests
8394b4
8394b4
* Tue Jan 14 2020 Mark Reynolkds <mreynolds@redhat.com> - 1.4.2.4-5
8394b4
- Bump version to 1.4.2.4-5
8394b4
- Resolves: Bug 1676699 - dsconf allows to set an empty password for Directory Manager
8394b4
- Resolves: Bug 1714688 - dscontainer executable should be placed under /usr/libexec/dirsrv/
8394b4
- Resolves: Bug 1773115 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running
8394b4
- Resolves: Bug 1790975 - Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
8394b4
- Resolves: Bug 1790979 - ns-slapd is crashing while restarting ipactl
8394b4
- Resolves: Bug 1790981 - Entry cache contention during base search
8394b4
- Resolves: Bug 1790984 - Crash on startup: Bus error in __env_faultmem.isra.1.part.2
8394b4
8394b4
* Wed Nov 27 2019 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-4
8394b4
- Bump version to 1.4.2.4-4
8394b4
- Resolves: Bug 1685160 - [RFE] 389-DS Health Check Tool
8394b4
8394b4
* Fri Nov 15 2019 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-3
8394b4
- Bump version to 1.4.2.4-3
8394b4
- Issue 50712 - Version comparison doesn't work correctly on git builds (relates to #1748994)
8394b4
8394b4
* Fri Nov 15 2019 Matus Honek <mhonek@redhat.com> - 1.4.2.4-2
8394b4
- Bump version to 1.4.2.4-2
8394b4
- Fix missing runtime lib389 dependency (relates to #1748994)
8394b4
8394b4
* Thu Nov 14 2019 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-1
8394b4
- Bump verison to 1.4.2.4-1
8394b4
- Resolves: Bug 1748994 - Rebase 389-ds-base to 1.4.2 
b682e9